Law Firm Loses $78K in Massive Malware Scheme That Was Disabled by Feds

Updated: Federal authorities say they have disabled, with the help of Microsoft Corp., a massive “botnet” that is believed to have been operating for a decade and infecting nearly 2 million computers in the United States alone. A botnet is defined by PC Magazine as “a large number of compromised computers that are used to generate spam, relay viruses or flood a network or Web server with excessive requests to cause it to fail.”

Believed to have been run from Russia, it has allegedly been used to steal perhaps $100 million, including $78,421 from an unidentified South Carolina law firm’s bank account, according to Bloomberg.

Relying on information from the Department of Justice, court filings, an internet security analyst and an unidentified agent of the FBI, the news service says the operation to shut down the so-called Coreflood botnet is the first time federal authorities have ever taken command of the network running such a scheme and sent instructions to victim computers to disable the malware.

“There has been a real legal barrier to do this because essentially you are issuing instructions to someone else’s computer,” Alex Cox of the NetWitness Corp. cyber-security firm tells the news agency. “That is very, very significant.”

The botnet exploited a flaw in the Microsoft Windows operating system for which a fix was offered earlier this week, reports Computer Weekly.

It estimates that losses from the operation may have totaled $100 million or more. Five command and control servers and 29 domain names were seized by the DOJ and FBI in a joint operation in order to shut down the botnet, in what federal authorities say is a first-of-its-kind law enforcement operation in the United States.

The U.S. Attorney’s office in Connecticut has filed a civil complaint against more than a dozen individuals accused of bank fraud, wire fraud and illegal interception of electronic communications in connection with the alleged botnet, reports the New Haven Independent.